Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-490-1)

The remote Ubuntu host is missing one or more security-related patches.

Description :

Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-3734,
CVE-2007-3735)

Flaws were discovered in the JavaScript methods addEventListener and
setTimeout which could be used to inject script into another site in
violation of the browser's same-origin policy. A malicious web site
could exploit this to modify the contents, or steal confidential data
(such as passwords), of other web pages. (CVE-2007-3736)

Ronen Zilberman and Michal Zalewski discovered timing attacks in the
JavaScript engine's use of about:blank frames. A malicious web site
could exploit this to modify the contents, or steal confidential data
(such as passwords), of other web pages. (CVE-2007-3089)

A flaw was discovered in the JavaScript event handling code. By
tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-3737)

Michal Zalewski discovered flaws in the same-origin handling of cached
'wyciwyg://' documents. A malicious web site could exploit this to
modify the contents, or steal confidential data (such as passwords),
of other web pages. (CVE-2007-3656)

Various flaws were discovered in the XPCNativeWrapper method. By
tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-3738).

Training & Certification

The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.